diff --git a/terraform/gcp/modules/mysql-shard/mysql.tf b/terraform/gcp/modules/mysql-shard/mysql.tf
index 1746b5b08..4a9ad4035 100644
--- a/terraform/gcp/modules/mysql-shard/mysql.tf
+++ b/terraform/gcp/modules/mysql-shard/mysql.tf
@@ -25,7 +25,7 @@ resource "google_sql_database_instance" "trillian" {
   database_version = var.database_version
   region           = var.region
 
-  # Set to false to delete this database
+  # Set to false to delete this database using terraform
   deletion_protection = var.deletion_protection
 
   settings {
@@ -33,6 +33,9 @@ resource "google_sql_database_instance" "trillian" {
     activation_policy = "ALWAYS"
     availability_type = var.availability_type
 
+    # this sets the flag on the GCP platform to prevent deletion across all API surfaces
+    deletion_protection_enabled = var.deletion_protection
+
     ip_configuration {
       ipv4_enabled    = var.ipv4_enabled
       private_network = var.network
diff --git a/terraform/gcp/modules/mysql/mysql.tf b/terraform/gcp/modules/mysql/mysql.tf
index c79f144c0..7839ebc60 100644
--- a/terraform/gcp/modules/mysql/mysql.tf
+++ b/terraform/gcp/modules/mysql/mysql.tf
@@ -109,7 +109,7 @@ resource "google_sql_database_instance" "sigstore" {
   database_version = var.database_version
   region           = var.region
 
-  # Set to false to delete this database
+  # Set to false to delete this database using terraform
   deletion_protection = var.deletion_protection
 
   depends_on = [google_service_networking_connection.private_vpc_connection]
@@ -119,6 +119,9 @@ resource "google_sql_database_instance" "sigstore" {
     activation_policy = "ALWAYS"
     availability_type = var.availability_type
 
+    # this sets the flag on the GCP platform to prevent deletion across all API surfaces
+    deletion_protection_enabled = var.deletion_protection
+
     ip_configuration {
       ipv4_enabled    = var.ipv4_enabled
       private_network = var.network